the flag is consists of two parts. First part of the flag is set inside we_must_be_sure_flag_part1_is_ready function, and a second part inside we_must_be_sure_flag_part2_is_ready function.
So to get the flag we need to call these functions consequentially. After that, assert statement:assert FLAG != part1_of_flag will be successfully passed and the flag will be printed.
Using func_closure of div, I received atuple of cells that contain bindings for the function’s free variables.
And I've found needed functions:
div.func_closure[8] – we_must_be_sure_flag_part1_is_ready function
div.func_closure[9] – we_must_be_sure_flag_part2_is_ready function
After calling them I've successfully got a flag!
Here is a full exploit code: